VaKeR CYBER ARMY
Logo of a company Server : Apache
System : Linux host44.registrar-servers.com 4.18.0-513.18.1.lve.2.el8.x86_64 #1 SMP Sat Mar 30 15:36:11 UTC 2024 x86_64
User : vapecompany ( 2719)
PHP Version : 7.4.33
Disable Function : NONE
Directory :  /lib64/nagios/plugins/nccustom/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //lib64/nagios/plugins/nccustom/check-cagefs-status.sh
#!/bin/bash

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin


#input option

PROGNAME=${0##*/}

print_usage() {
    echo ""
    echo "Usage: $PROGNAME -h | --help"
}

print_help() {
        print_usage
        echo ""
        echo "This script check CageFS status (see TOP-400)"
        echo ""
        echo "-h help Print this help screen"
        echo "--help Print this help screen"
        echo ""
        exit 3
}

while [ $# -gt 0 ]; do

        case "$1" in

        --help)
        print_help
        exit 3
         ;;

        -h)
        print_help
        exit 3
         ;;

        *)
        echo >&2 "Unknown argument: $1"
        print_usage
        exit 3
        ;;

        esac
        shift
done

# 1-CageFS -ON/Off
# 2-CageFS config is not valid
# 3-CageFS is not initialized
# 4-There is at least one user with disabled CageFS
# 5-Total users without mounts
# 6-Not allowed suid files in CageFS

if ! /usr/sbin/cagefsctl --cagefs-status > /dev/null 2>&1; then
    echo "CRITICAL. CageFS is not enabled"
    exit 2
fi

if ! /usr/sbin/cagefsctl --sanity-check > /dev/null 2>&1; then
   failstr=$(/usr/sbin/cagefsctl --sanity-check | grep -i failed)
   echo "CRITICAL. CageFS config is not valid. ${failstr}"
   exit 2
fi

if ! /usr/sbin/cagefsctl --check-cagefs-initialized > /dev/null 2>&1; then
    echo "CRITICAL. CageFS is not initialized"
    exit 2
fi

mapfile -t CMD  < <(/usr/sbin/cagefsctl --list-disabled)
 if [ ! "${#CMD[@]}" == 0 ]; then
     echo "CRITICAL! ${CMD[@]}"
     exit 2
 fi

log_file="/var/log/nc_audit/cagefs_mounts.log"
log_line=$(tail -n 2 "$log_file" | head -n 1)
if [[ "$log_line" == *"Total users without mounts"* ]]; then
    echo "$log_line"
    exit 2
fi

log_file_suid="/var/log/nc_audit/cagefs_suid_check.log"
if [ -s "$log_file_suid" ]; then
    last_line_suid=$(tail -n 1 "$log_file_suid")
    if [[ "$last_line_suid" != *"OK."* ]]; then
        echo "CRITICAL. Not allowed suid files:"
        tac "$log_file_suid" | awk '/OK./{exit}1' | tac
        exit 2
    fi
fi


echo "OK. CageFS in good state"
exit 0

VaKeR 2022